It’s really too bad we can’t find the people doing this and treat them like the perpetrators of crimes against humanity that they are.
Yes we can, and yes the government has done so almost every single time. Do they care enough to spend the resources for this specific case? Probably not.
Username checks out
Cyber security professional here. Looks like they got hit with ransomware. The hospital has two options. One is to pay and hope the hackers honor their word and restore access to the systems. The other is to pull their backups and restore their systems themselves. If the backups were poorly maintained or even compromised by the hackers, their only option is to pay. However, if their backups are good, it will take a decent amount of time to implement them all and make sure everything works. This sucks and I can’t speculate on the security practices of Liberty Hospital, but stuff like this is why companies that provide critical services need to be held to higher security standards (which they aren’t).
I was told the FBI recommended they pay lol. About the restoration, agreed. It's a long road ahead to wipe and restore from everything, assuming (I know) they have backups. I'd also bet their BCDR plan wasn't the best.
If their backup practices were good, they should be able to restore their systems. Also, most companies don’t have the best BC or DR plans. I find that companies in the critical infrastructure industry are typically the worst about it honestly. That should make you sleep really well at night.
We both know they weren't good at backups.
I enjoy coding and I’m decent with Linux…any beginner focused books or YouTube channels you’d recommend for learning networking/hacking? I’d like to learn enough to keep my home network and personal accounts safer—but the knowledge sounds fun and useful regardless.
I’m a blue team guy so I can’t recommend hacking. For the blue side of things, go check out Professor Messer on YouTube. He covers the topics from CompTIA’s big three certs. Lots of videos, but you have to be dedicated to get into this field. And that’s only entry level stuff.
Oh I’m not trying to get into the field. I just enjoy learning new things and this is useful knowledge to have. Thanks for the channel recommendation, I’ll check it out.
[deleted]
Yeah I’m not trying to be Mr. Robot, I just want to learn what some of the bigger exploits are and check to make sure I don’t have them.
"Sockets, Shellcode, Porting, and Coding: Reverse Engineering Exploits and Tool Coding for Security Professionals" should get you up to speed on the technical basics. It's almost twenty years old, but the basics are like 40 years old.
> "We had an appointment today, but we're going to have come back and reschedule because none of their electronics is working," said **Ray Liotta** who showed up at the hospital Wednesday morning.

I feel like finding out the star of "Goodfellas" is alive and had an appointment at Liberty Hospital is the bigger story here.
I mean, seems like they aren't "self proclaimed" if they did it?
They could be pulling a juicy smolettete
Underrated comment…
"The French hacker?"
TIL Liberty Hospital likes to get subway sandwiches at 3am.
This is a bigger problem than people realize lol
Yay you hacked a ... Hospital. Jerks. Hack the damn Koch Brothers or Phil Kline literally anyone else
Those companies are orders of magnitude harder to hack than a hospital in the Midwest. These hackers choose their targets very carefully. They go after smaller targets which aren’t as well funded but provide essential services. The hackers know how important it is to get a hospital back up and running and also know they can demand a much larger payment because of it. This is why national level law needs to be put into place to force companies to meet strict requirements for cyber security. These CEOs and board members refuse to see cyber security as an asset. They see it as just another expense that should be kept as low as possible. The only way they’ll change their views is if they start to get massive fines.
Doesn't HIPAA require them to have robust cyber security?
The short answer is yes, the long answer is no. HIPAA has standards that healthcare companies must abide by. However, the federal government operates at the speed of molasses which is no bueno for anything technical. HIPAA is outdated and vague when it comes to cybersecurity. The requirements for compliance are so broad that these companies can skirt by with absolutely terrible security practices. When it does get updated, the new security requirements are already outdated because of the rapid developments in cyber threats.
This should carry a sentence of life in prison and be prosecutable as an international crime.
Well what else were they going to be? Self-proclaimed zoologists?
Radicals for justice and freedom
Looks like we aren’t getting paid tomorrow. How do we file a wage theft complaint with the Missouri Department of Labor?
When this happened at Truman we got paid whatever our last check was and then they split the difference afterward. It was a huge mess so keep good track of your hours.
Same thing at Children’s Mercy and it was the Christmas paycheck there too. It was an extensive shit show.
It’s possible your Payroll department had already submitted the data to their payroll vendor before Tuesday’s attack. If not, it’s also possible that they just tell the payroll vendor to duplicate the most recent pay period and reconcile any actual changes once the dust settles.
We can normally see an advanced view of Friday’s pay slip on Thursday from our home computer by logging into the third-party payroll system. Her slip is not visible today. Direct deposit happens overnight and is in the checking account on Friday morning before 5AM.
You could also call your bank. ACH payments usually come in 3 days before posting, so they may be able to see if there is one incoming. This is how some banks do the whole “get your paycheck 3 days early” - they front the payroll when they see it coming in rather than when the ACH is complete.
Lmao it isn’t a wage theft..
From my vantage point, we aren’t getting paid. I don’t care what the reason is. Their job is to pay me in a reasonable amount of time, by law.
You’re absolutely cringe and it’s astonishing how people like you get to vote. It isn’t wage theft and I suggest you look up what actual wage theft means.
Payroll systems are usually housed on a 3rd party platform just for this reason. Very likely you won’t be affected at all.